Notes from 10/8 Security SIG meeting

Kay Williams

Hi everyone, for those who were unable to attend this morning’s meeting, notes are available in our agenda document (here). I have copied them below for convenience.


Our next meeting will be on Tuesday 10/22 at 8 AM Pacific.


Agenda and Notes:

  • Welcome and Overview
  • Upcoming Events
    • CD Summit San Diego 11/18
      • Software Supply Chain Security
      • Security SIG Lightning Talk
  • Security Working Groups
    • Software Supply Chain Security
      • Overview of joint SBOM effort with CISQ, OMG
      • Presentation here
    • Other working group ideas and interests?
      • Telemetry - best practices around collecting, implementation, code
        • Concerns about PII data being collected in telemetry
        • GDPR compliance for telemetry and data collection
        • Guidance for shared projects on regulatory compliance
        • Dan Lopez to discuss at TOC
      • Credential leak management
        • Common process / APIs for communicating leaked credentials
        • Guidance on scanning for leaked credentials, e.g. passwords, SSH keys, etc.